Witold Baryluk <bary...@smp.if.uj.edu.pl> writes: > On 02-13 16:01, Simon Josefsson wrote: > > Can provide any logs if needed. >> >> Please do (gnutls-cli --print-cert -d 4711 against your server). A >> trusted root CA certificate signed with RSA-MD5 should not cause any >> problems. Only intermediate non-trusted certificates signed with >> RSA-MD5 should be rejected. > > Strange because in my configuration, certificate of LDAP server > is directly signed by my root CA certificate. > > http://smp.if.uj.edu.pl/~baryluk/ldaptlsdebug.txt
Your end-entity certificate is signed using RSA-MD5, so the reject is as expected. A better description of the rejects might be "RSA-MD5 signatures in untrusted certificates". /Simon -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
